Mobile Application Penetration Testing

Is my app secure?

Standards & Certifications

Do you know exactly what kind of tests your app needs?

You are probably familiar with mobile application testing standards such as OWASP MASTG and there may be good reasons in your case to stick to a specific standard. You may also need security certificates such as DIGA or ISO27001 for your app.
You may not (yet) know exactly which test scope and which procedure is suitable in your specific case: Is it sufficient to test only the app itself, or should, for example, a compromised mobile device and its impact on the security of your app also be simulated?

In any case, ProSec has experts at your side who will take an individual look at your app and your company and work with you to determine the most sensible process and scope for mobile application penetration testing in your case. It does not matter whether it is a native or hybrid app, whether it was developed for only one target platform or, for example, built with Flutter as a cross-platform app.

We support you with security (pun intended)
to make your app professionally and sustainably strong against hacking attacks.

Individual and holistic

As much standard as necessary, as precise as possible

Our strength lies in being able to precisely determine your needs through our experience and extensive expertise. We do not stubbornly follow existing guidelines, but design our own standards to suit our customers.
Where it makes sense, we naturally follow the established standards, in order to be able to issue the required certificates, for example.
We can provide suitable test concepts
for DIGA, ISO27001 and other certificates.
The individual coordination of the test procedure also includes a possible re-test. This way you can make sure that you have successfully processed all the findings of the first test.

Holistic Mobile Application Penetration Testing

In our penetration tests, we always look at the "big picture".

In the case of mobile applications, this means that in addition to technical vulnerabilities, we include the aspect of physical theft:
We audit the mobile device and uncover possible attack vectors (external to the app, but always with reference to the app).

During the technical review, we look at both the static and dynamic aspects of your app: For example, does the source code inadvertently contain credentials? Are there vulnerabilities in the communication between app and API?

Specifically, the technical level of our mobile application penetration testing includes the following:

  • Runtime Injections & Runtime Analysis
  • Input Validation & Injection Flaws
  • Local/External Storage Analysis & Permission Flaws
  • SQLite & Database Analysis
  • Test of cryptographic functions
  • Authentication and session management
  • Holistic view of the APIs

ProSec Mobile App Pentest

The technical level of our mobile application penetration testing includes static and dynamic aspects.

Realistic Mobile Application Penetration Testing:

We use your app with a hacker's eye

In all of our pentests, we take the most realistic approach possible, modelled on the behaviour of malicious hackers, because our primary objective is to protect your company and the users of your app from these hackers, not merely to formally meet all the requirements for a certificate.
Our approach is as simple as it is effective: We load your app onto our devices, use it, and then start searching for possible vulnerabilities. In this way, we determine the attack paths that hackers can use in your specific case.

If your developers forgot credentials in the source code, we will find them.

If sensitive files are stored unencrypted on the mobile device when using your app, we will find them.

If your app has permission deficiencies, we'll find them.

If your app communicates unencrypted, we'll find out.

If your app makes insecure requests to the API, we will find them and extend our attack vector to those endpoints.

We find the weak points of your app - and help you close them.
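The finding categories listed above (credentials left in the source code, cleartext communication between app and API, permission and backup flags) are the ones a static review picks up first. As an added illustration, not ProSec's tooling and not code from the page, the following script runs such a triage over a constructed AndroidManifest.xml and a few constructed decompiled source files. The file paths, sample values and secret patterns are assumptions chosen for the example; a real review would tune the patterns to the target app and follow every hit up with dynamic testing.

```python
"""Static triage of extracted Android app artifacts (added example, not ProSec's code)."""
import re
import xml.etree.ElementTree as ET

# Android attribute namespace as it appears in a parsed manifest.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest, shaped like an apktool/jadx extraction result.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.webview">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:allowBackup="true" android:usesCleartextTraffic="true" android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true"/>
  </application>
</manifest>"""

# Constructed sample sources keyed by path (values are made up for the example).
SAMPLE_SOURCES = {
    "res/values/strings.xml": '<string name="api_url">http://api.example.test/v1</string>',
    "com/example/webview/Config.java": 'static final String API_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
                                       'String password = "hunter2";',
    "com/example/webview/MainActivity.java": 'webView.loadUrl("https://portal.example.test");',
}

# Assumed heuristic patterns for hard-coded secrets; tune per target.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_literal": re.compile(r"(?i)\bpassword\s*=\s*\"[^\"]{4,}\""),
    "bearer_token": re.compile(r"(?i)bearer\s+[a-z0-9._-]{20,}"),
}

# Application-level flags that should be off in a release build.
FLAG_CHECKS = {
    "usesCleartextTraffic": ("cleartext_traffic", "plaintext HTTP permitted app-wide"),
    "allowBackup": ("backup_enabled", "app data may be included in device backups"),
    "debuggable": ("debuggable", "build is debuggable"),
}


def check_manifest(manifest_xml):
    """Return findings for risky <application> flags and unprotected exported components."""
    findings = []
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return findings
    for attr, (category, detail) in FLAG_CHECKS.items():
        if app.get(ANDROID + attr) == "true":
            findings.append({"category": category, "location": "AndroidManifest.xml", "detail": detail})
    for comp in app:
        exported = comp.get(ANDROID + "exported") == "true"
        if exported and comp.get(ANDROID + "permission") is None:
            findings.append({"category": "exported_component",
                             "location": comp.get(ANDROID + "name", comp.tag),
                             "detail": f"{comp.tag} exported without a guarding permission"})
    return findings


def scan_sources(files):
    """Return findings for hard-coded secrets and cleartext URLs, located by path and line."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            where = f"{path}:{line_no}"
            for name, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append({"category": "hardcoded_secret", "location": where, "detail": name})
            # "http://" only; https:// does not match because of the literal "://" after "http".
            if re.search(r"\bhttp://", line):
                findings.append({"category": "cleartext_url", "location": where, "detail": line.strip()})
    return findings


def triage(manifest_xml, files):
    """Combine manifest and source findings into one list for the report."""
    return check_manifest(manifest_xml) + scan_sources(files)


if __name__ == "__main__":
    for f in triage(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print(f"[{f['category']}] {f['location']}: {f['detail']}")
```

Each finding carries a location so it can be handed to the developers as a concrete fix item; the static hits are the starting point for the dynamic part of the test, where the same app is exercised on a device to confirm which of them are actually reachable.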

It's Never Too Late for Mobile Application Penetration Testing

Have you just developed a new app and want to make sure that your users and their data are safe while using it? Or does your company offer an app that has been in development for some time and you're wondering if there are any security risks?

Mobile Application Penetration Testing is in any case the best way
to protect yourself from attacks via this route!

If you recognise yourself fully or partially in the typical requests below, feel free to contact us for a no-obligation introductory conversation!

We have a specially developed website for communication with our customers. To simplify its use, we have developed an Android and iOS application, which displays our website in a webview. In order to make sure that no mistakes happened during the development and implementation of the app, or to ensure that we didn't forget something in the code during development, I would like to have the apps checked before the release.

With the help of a mobile application, we offer our customers the possibility of transmitting sensitive data to us. We offer both an Android and an iOS application. However, both applications were developed by different groups of people. The iOS application was developed several years ago, and there is no one left in the company who was involved in its development. To be sure that we provide our customers with a secure platform for data exchange, I would especially like to have the development of the iOS application reviewed.